On May 14, 2009, at 8:23 PM, Andrej van der Zee wrote:
Hi,
2) does, but "helpfully" converts the time to local time (in
which
case, whoever decided to be "helpful" needs to be hit with said
sock).
I found that tcpdump with - converts to local time, but tcpdump
-tt report GMT.
Hi,
> 2) does, but "helpfully" converts the time to local time (in which
> case, whoever decided to be "helpful" needs to be hit with said sock).
I found that tcpdump with - converts to local time, but tcpdump
-tt report GMT.
>
> However, even with standard pcap files, which have GMT
On May 14, 2009, at 7:20 PM, Jefferson Ogata wrote:
But the point of storing the mostly irrelevant zone data as metadata
is so that it can be recorded when pcap timestamps are UTC, as they
always should have been. I'd like to find the person who decided to
store localtime instead of gmtime
On 2009-05-15 01:48, Guy Harris wrote:
pcap-NG:
http://www.winpcap.org/ntar/draft/PCAP-DumpFileFormat.html
can store a 4-byte "Time zone for GMT support" value of unspecified
interpretation (probably a seconds-from-GMT offset), although, if the
capture crosses a standard time/summer time
On May 14, 2009, at 6:10 PM, Andrej van der Zee wrote:
Thanks a lot for your email. I wish .cap files stored some
meta-information such as local timezone, IP address, etc.
pcap-NG:
http://www.winpcap.org/ntar/draft/PCAP-DumpFileFormat.html
can store a 4-byte "Time zone for GMT suppo
Thanks a lot for your email. I wish .cap files stored some
meta-information such as local timezone, IP address, etc. Well, that's
just my bad luck.
Cheers,
Andrej
-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.
On May 14, 2009, at 5:41 PM, Andrej van der Zee wrote:
I am having a problem with the timestamps in .cap files. I receive
.cap files captured on machines in a different timezone (GMT +1 or GMT
+3). When I do a "tcpdump -r en0.cap -n -" then the timestamps
are corrected to my local timezon
Hi,
I am having a problem with the timestamps in .cap files. I receive
.cap files captured on machines in a different timezone (GMT +1 or GMT
+3). When I do a "tcpdump -r en0.cap -n -" then the timestamps
are corrected to my local timezone (GMT +8 or GMT +9). The problem is
that I need the t
Not what I wanted to hear. I don't think there is a config file for this. But
thanks a bunch for replying.
Guy Harris wrote:
On May 13, 2009, at 4:41 PM, Rick wrote:
AIX libpcap 9.8-2 seems to create these when it's loaded. Is there
some way to configure it to create more of these ?
You
Hello,
A device like an Endace DAG can provide nanosecond timestamped packets using
the usec field of the PCAP format to store the nanoseconds.
Moreover, it seems that this variation of the PCAP format is tolerate if you
use the NSEC_TCPDUMP_MAGIC magic number in your PCAP file.
But in fact, this
On Wed, May 13, 2009 at 11:28 PM, Andrej van der Zee
wrote:
> Hi,
>
> I could not find any users-list for tcpdump, so I am sorry if I offend
> anybody.
>
> I have two questions about tcpdump:
>
> 1) I get many UDP packages that have an IP that is not bound to one of my
> interfaces, like this one
11 matches
Mail list logo
